Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for controlling access to data held in the cloud, comprising: determining, at a cloud server, the validity of user credentials received from a user device; receiving context data related to the user device based on the validity of the user credentials; synchronizing the context data with the cloud server; and enforcing context-sensitive security checks on requests made by a user for resources based on sensor data collected by the user device, wherein the context data comprises data about a state of a physical world outside of the user device, wherein the context data comprises data about a state of the user device itself, wherein the context data about the state of the physical world outside of the user device comprises a user identity, a global positioning system location of the user device, and an accelerometer reading, and wherein the context data about the state of the user device itself comprises applications running on the user device at a given time, a battery level of the user device, and screen brightness of the user device.
This patent describes a method for enhancing cloud data access control. The problem addressed is the need for more robust and context-aware security beyond simple credential verification. The technology domain is cloud computing and user device security. The method begins by a cloud server determining the validity of user credentials provided by a user device. Upon successful credential validation, context data related to the user device is received. This context data is then synchronized with the cloud server. Subsequently, security checks are enforced on user requests for resources. These checks are context-sensitive, utilizing sensor data collected by the user device. The context data itself includes information about the physical world outside the user device, such as user identity, the device's GPS location, and accelerometer readings. Additionally, it encompasses data about the state of the user device itself, including running applications, battery level, and screen brightness. This comprehensive contextual information allows for more intelligent and dynamic security enforcement.
2. The method for controlling access to data held in the cloud according to claim 1 , wherein access to the resources is subject to one or more preconditions related to the context data.
This invention relates to cloud-based data access control systems that regulate access to cloud-stored resources based on contextual conditions. The system monitors contextual data, such as user location, device status, or time of access, and enforces access restrictions by evaluating predefined conditions tied to this contextual information. For example, access to sensitive data may be restricted unless the user is within a specific geographic boundary or using a trusted device. The system dynamically adjusts permissions in real-time as contextual factors change, ensuring that access aligns with security policies. This approach enhances security by preventing unauthorized access attempts that deviate from expected usage patterns. The invention builds on a foundational method for managing cloud data access, where contextual data is collected and analyzed to determine compliance with access rules. By integrating conditional checks, the system ensures that access is granted only when all specified conditions are met, reducing the risk of data breaches. The solution is particularly useful in environments where access requirements vary based on dynamic factors, such as remote work scenarios or multi-tenant cloud services.
3. The method for controlling access to data held in the cloud according to claim 1 , further comprising determining if the requests for resources are compliant with access control policies of the cloud server in addition to enforcing the context-sensitive security checks.
This invention relates to cloud-based data access control systems that enhance security by combining traditional access control policies with context-sensitive security checks. The problem addressed is the need for more dynamic and adaptive security measures in cloud environments, where static access policies alone may be insufficient to prevent unauthorized data access. The method involves a cloud server receiving requests for resources from client devices. Before granting access, the system first evaluates whether the requests comply with predefined access control policies, such as role-based or attribute-based rules. Additionally, the system performs context-sensitive security checks, which assess factors like the client device's location, network conditions, time of access, or behavioral patterns. These checks ensure that even if a request meets basic access policies, it is further scrutinized based on real-time contextual factors that may indicate suspicious activity. By integrating both policy compliance and contextual analysis, the system provides a more robust security framework for cloud data. This approach helps prevent unauthorized access attempts that might bypass traditional access controls, improving overall data protection in cloud environments. The method is particularly useful in scenarios where static policies are insufficient, such as detecting anomalies in access patterns or mitigating risks from compromised credentials.
4. The method for controlling access to data held in the cloud according to claim 1 , wherein the context-sensitive security checks varies based on a sensitivity level of the resources.
This invention relates to cloud-based data access control systems that dynamically adjust security measures based on the sensitivity level of the resources being accessed. The system monitors user behavior, device characteristics, and environmental factors to assess risk in real-time. When a user requests access to cloud-stored data, the system evaluates the context—such as the user's location, device security posture, and network conditions—to determine the appropriate level of authentication or authorization required. For highly sensitive data, the system enforces stricter security checks, such as multi-factor authentication or additional biometric verification, while less sensitive data may allow access with standard credentials. The system also adapts its security policies based on historical access patterns and anomaly detection to prevent unauthorized access. By dynamically adjusting security measures according to resource sensitivity, the system balances usability and protection, ensuring that only authorized users can access data while minimizing disruptions for legitimate access attempts. This approach reduces the risk of data breaches by applying proportional security controls based on the criticality of the information.
5. A cloud server that for controlling access to data held in the cloud, comprising: at least one processor; and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus at least to determine the validity of user credentials received from a user device; receive context data related to the user device based on the validity of the user credentials; synchronize the context data with the cloud server; and enforce context-sensitive security checks on requests made by a user for resources based on sensor data collected by the user device, wherein the context data comprises data about a state of a physical world outside of the user device, wherein the context data comprises data about a state of the user device itself, wherein the context data about the state of the physical world outside of the user device comprises a user identity, a global positioning system location of the user device, and an accelerometer reading, and wherein the context data about the state of the user device itself comprises applications running on the user device at a given time, a battery level of the user device, and screen brightness of the user device.
This invention relates to a cloud server system for controlling access to cloud-stored data using context-aware security measures. The system addresses the challenge of securing cloud data access by dynamically evaluating user requests based on real-time contextual information from the user's device and its environment. The cloud server includes processing and memory components that validate user credentials and, upon successful authentication, collect context data from the user device. This context data includes both physical world state information (such as user identity, GPS location, and accelerometer readings) and device state information (such as running applications, battery level, and screen brightness). The server synchronizes this data and applies context-sensitive security checks to user requests for cloud resources. For example, access may be restricted if the device's location or movement patterns deviate from expected norms, or if the device's battery level suggests unusual usage. By integrating these contextual factors, the system enhances security beyond traditional credential-based authentication, adapting access controls to real-world conditions and device behavior.
6. The cloud server according to claim 5 , wherein access to the resources is subject to one or more preconditions related to the context data.
A cloud server system manages access to computing resources based on contextual data. The system collects and analyzes contextual information such as user identity, device type, location, time, and network conditions to determine access permissions. This approach enhances security and resource allocation by dynamically adjusting access rights in response to real-time conditions. For example, a user may be granted access to certain resources only if they are using a trusted device or are within a specific geographic area. The system also enforces preconditions, such as requiring multi-factor authentication or limiting access during high-risk periods, to further secure sensitive resources. By integrating contextual awareness, the cloud server ensures that resource access aligns with organizational policies and security requirements, reducing unauthorized usage and improving operational efficiency. The system may also log access attempts and contextual data for auditing and compliance purposes. This method provides a flexible and adaptive security framework for cloud-based resource management.
7. The cloud server according to claim 5 , wherein the at least one memory and the computer program code are further be configured to, with the at least one processor, cause the apparatus at least to determine if the requests for resources are compliant with access control policies of the cloud server in addition to enforcing the context-sensitive security checks.
This invention relates to cloud server security, specifically enhancing access control by combining context-sensitive security checks with compliance verification against predefined access policies. The system operates within a cloud computing environment where users or applications request access to resources such as data, services, or computing power. The problem addressed is ensuring secure and compliant resource access by dynamically evaluating both contextual factors (e.g., user behavior, device state, network conditions) and predefined access control policies (e.g., role-based permissions, data sensitivity rules). The cloud server includes at least one processor, memory, and computer program code configured to perform security checks. The system first evaluates requests for resources using context-sensitive security checks, which analyze real-time conditions like user location, time of access, or device authentication status to detect anomalies or unauthorized access attempts. Additionally, the system verifies whether the requests comply with the cloud server's access control policies, which define permissible actions based on user roles, resource sensitivity, or organizational rules. This dual-layered approach ensures that access decisions are both contextually appropriate and policy-compliant, reducing the risk of unauthorized access or policy violations. The invention improves cloud security by integrating dynamic contextual analysis with static policy enforcement, providing a more robust and adaptive access control mechanism.
8. The cloud server according to claim 5 , wherein the context-sensitive security checks varies based on a sensitivity level of the resources.
A cloud server system provides dynamic security checks for accessing cloud-based resources, where the security checks are context-sensitive and adapt based on the sensitivity level of the resources. The system monitors user activity and environmental factors, such as device type, location, and time of access, to determine the appropriate security measures. For highly sensitive resources, the system enforces stricter authentication methods, such as multi-factor authentication or biometric verification, while less sensitive resources may require only basic credentials. The system also adjusts security policies in real-time based on detected anomalies or suspicious behavior, such as unusual access patterns or unauthorized access attempts. By dynamically adjusting security checks according to the sensitivity of the resources, the system balances security and usability, ensuring that high-risk resources are protected while minimizing disruptions for low-risk access. The system may also integrate with existing identity management and threat detection services to enhance its security capabilities. This approach reduces the risk of unauthorized access and data breaches while maintaining a seamless user experience for legitimate access requests.
9. A computer program, embodied on a non-transitory computer readable medium, the computer program, when executed by a processor, causes the processor to: determine, at a cloud server, the validity of user credentials received from a user device; receive context data related to the user device based on the validity of the user credentials; synchronize the context data with the cloud server; and enforce context-sensitive security checks on requests made by a user for resources based on sensor data collected by the user device, wherein the context data comprises data about a state of a physical world outside of the user device, wherein the context data comprises data about a state of the user device itself, wherein the context data about the state of the physical world outside of the user device comprises a user identity, a global positioning system location of the user device, and an accelerometer reading, and wherein the context data about the state of the user device itself comprises applications running on the user device at a given time, a battery level of the user device, and screen brightness of the user device.
This invention relates to a cloud-based security system that validates user credentials and enforces context-sensitive security checks based on sensor data collected by a user device. The system determines the validity of user credentials received from a user device at a cloud server. Upon successful validation, the system receives context data from the user device, which includes information about the physical environment and the device's internal state. The physical context data includes user identity, GPS location, and accelerometer readings, while the device context data includes running applications, battery level, and screen brightness. The system synchronizes this context data with the cloud server and uses it to enforce security checks on user requests for resources. By analyzing real-time sensor data, the system dynamically adjusts security policies to mitigate risks based on the user's environment and device conditions. This approach enhances security by incorporating situational awareness, such as detecting unusual device behavior or unauthorized access attempts. The system ensures that access to resources is granted only when the context data aligns with predefined security policies, reducing the risk of unauthorized access or data breaches.
10. The computer program according to claim 9 , wherein access to the resources is subject to one or more preconditions related to the context data.
This invention relates to a computer program for managing access to resources based on contextual data. The system monitors contextual data, such as user behavior, environmental conditions, or system state, to determine whether predefined preconditions are met before granting access to resources. The contextual data may include factors like time, location, device status, or user authentication status. The program evaluates these conditions in real-time to enforce access control policies dynamically. If the preconditions are satisfied, access is permitted; otherwise, access is restricted or modified. This approach enhances security by ensuring resources are only accessible under specific contextual circumstances, reducing unauthorized access risks. The system may also log access attempts and contextual data for auditing and compliance purposes. The invention is particularly useful in environments where access control must adapt to changing conditions, such as enterprise networks, IoT devices, or cloud-based services. By integrating contextual awareness into access control, the system provides a more flexible and secure method of resource management compared to static permission models.
11. The computer program according to claim 9 , wherein the computer program, when executed by the processor, further causes the processor to determine if the requests for resources are compliant with access control policies of the cloud server in addition to enforcing the context-sensitive security checks.
This invention relates to cloud computing security, specifically a computer program that enforces both context-sensitive security checks and access control policies for resource requests in a cloud server. The program operates by analyzing requests for resources within the cloud environment to ensure they comply with predefined access control policies, which may include permissions, roles, or other authorization rules. Additionally, the program performs context-sensitive security checks, evaluating factors such as the requester's identity, the requested resource, the time of access, and the network conditions to determine if the request is legitimate and secure. By combining these two layers of security, the system enhances protection against unauthorized access and potential threats. The program is designed to execute on a processor, dynamically assessing each request to maintain robust security while allowing legitimate access to cloud resources. This approach helps prevent unauthorized data breaches, policy violations, and other security risks in cloud computing environments.
12. The computer program according to claim 9 , wherein the context-sensitive security checks varies based on a sensitivity level of the resources.
This invention relates to computer security systems that perform context-sensitive security checks to control access to resources. The problem addressed is the need for dynamic security policies that adapt to the sensitivity level of resources, ensuring that access controls are appropriately stringent based on the criticality or confidentiality of the data or system components involved. The system includes a computer program that evaluates security checks based on contextual factors, such as user roles, system state, and environmental conditions. These checks are dynamically adjusted according to the sensitivity level of the resources being accessed. For example, highly sensitive resources may require multi-factor authentication, while less sensitive resources may allow access with basic credentials. The sensitivity level can be predefined or determined in real-time based on metadata, classification labels, or risk assessments. The program may also integrate with existing security frameworks, such as role-based access control (RBAC) or attribute-based access control (ABAC), to enforce these adaptive checks. Additionally, it can log security events and generate alerts when unauthorized access attempts are detected, particularly for high-sensitivity resources. The system ensures that security measures scale with the importance of the resources, reducing unnecessary restrictions for low-risk operations while maintaining strict controls for critical assets. This approach enhances security without compromising usability for non-sensitive operations.
Unknown
July 14, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.